In GFI MailEssentials v20.2 available on insider.gfi.com, we are proposing a new change to the macro blocking

1) Block Malicious Macros
2) Block All Macros

The Block Malicious Macros setting should be a valuable setting to block anything malicious and keep the company protection.
Various techniques are employed from the different AV vendors to detect malicious macros, including heuristics and definitions.

I'd like to add another vote for a separate macro scanning function with whitelist capability. We too have organisations that routinely send macro enabled documents. It's not practical to try and educate every business contact and the burden of checking the quarantine is significant for our small IT team.

Hi Ian, I understand the stance on now allowing whitelists for malware but macros aren't always malware. Our customers are some of the biggest companies in the world and they still send documents with macros in them. If we turn off the protection we leave ourselves open to people running malicious macros and causing damage.

Anti-virus doesn't know the difference, so it's no use blocking macros with that, and we'd just run into the same issue of customer documents not opening.

If there's no whitelist then we need another solution to allow messages with macros through from certain domains/senders.

This is really hurting us at the moment. We get so much other bitdefender hits that turning on notifications would be pointless. Either adding a whitelist for macro checking or breaking macro checking out into its own engine with a whitelist would be really useful.

Sending malicious macros has come back into fashion again, so we've had to turn on the blocking feature. The customer in this case is too big to care, so my team is having to check the logs every few hours to make sure we don't miss any important emails.

This is the kind of issue that if not resolved soon, will force me to look fo replace GFI with something else.